Is Your Business in Compliance with Washington’s New Data Privacy Statute?
Washington’s new data privacy statute, “My Health, My Data Act” (“MHMD” or the “Act”), officially became fully effective on March 31, 2024, for regulated entities under the Act, while small businesses have until June 30, 2024, to comply. The purpose of MHMD is to protect consumers’ personal health data not otherwise protected by federal regulation, such as HIPAA. Businesses should be familiar with Washington’s preexisting biometric privacy law, RCW 19.375, and recognize MHMD’s coverage is far more expansive. MHMD regulates the collection, sharing, selling, and processing of “consumer health data.” It applies to entities that conduct business in Washington as well as those that provide services or products to Washington.
Notably, the Act does not regulate the collection of employee data like other privacy statutes. However, the scope of MHMD’s regulation expands far beyond traditional health data and biometric data, which has been the focus of many other data privacy statutes throughout the country. Unlike Washinton’s biometric statute, MHMD can be enforced by private parties through a private right of action, in addition to the Attorney General. Consumers can sue for damages and other relief for violations of MHMD, which gives it the potential to spur class action litigation.
To read the full post, please visit our Biometric Privacy Insider blog.